@sidnya, your topic has enormous relevance, and the “What is the harm?” question is very often asked!
We have a lot of info on this forum that addresses parts of it, but the problem is that this content is dispersed. I love the information sources that @Bozon has provided!
The issue at large needs to be tackled in a more efficient way. Either by collecting sites like the above that present a clear overview of what is wrong, or create a project ourselves that will provide clear insights into these things. At the CHT they have developed the Ledger of Harms, and they have plans to expand that significantly and make it a crowdsourced project.
In the past I have proposed to create a solution-oriented version of it, called the Harms of Technology Fixes - a pattern library of harms and their solutions - with the acronym of Hotfix. It is at the idea stage and you can read more info in this Github issue.
Besides these initiatives we could develop more targeted campaigns in our Awareness Program, e.g., more dynamic awareness tools. The Dutch non-profit had a page, looking like a blog post, where you are asked to fill in some data here and there, and then gradually the blog post would be personalized to you, and you become the subject of the article. Very cool.
You could take that further by applying some deeper analysis processing and other data known about a person to really create a disturbing read that highlights what is possible. At the end then you reassure the user that no data is stored and it was just an awareness campaign.
Another idea I found on Mastodon (posed by user Strypey) was also very cool to mention. Quoting his post:
“I’m envisioning a user education project that masquerades as a new Silicon Valley startup, with a website and mobile apps. It would implement every design anti-pattern used by typical startups, like asking for access to contact lists on other services to help users “find your friends”, asking for every permission available on a mobile during install etc. But instead of exploiting these, it would email the user, explaining all the ways the information they gave could have been used to do so.”
To which I added:
“Would also be nice to show balloon popups as soon as you were baited into a #darkpattern or generate a report of all of these at the end of your session.”
But this could also include the data collected in sneaky ways.